What Every Webmaster Should Know About Code Installation – PubCon 2011

This session focused on the security issues most sites are prone to and what web developers and webmasters can do to protect their sites against these vulnerabilities.

Here are some of the highlights from the session:

Hackers can have various motivations to find security loopholes on your site. Some of the major reasons why they hack your web site are to:

Drop links or cookies

Steal logins, blackmail people

Build botnets

Redirect users to third-party sites selling advertising

Crush competition

Steal credit cards

Abuse your server (email, attacks, etc)

Hackers use multiple tools to accomplish their goals. In general, basic hacking has become easier since most of the information is available online to the general public. Not only that, port scanners and malicious software such as SARA and Brutus can be used by hackers to find potential holes in your site.

The first entry point of attack is SQL injection, i.e. “inputting SQL statements in a web form to get a badly designed website to dump the database content to the attacker.” SQL injection happens because of incorrect type handling and unchecked input, typically in pagination parameters and username and password fields.

To ensure that your site is hardened against these attacks, you can take the following steps:

Check your access logs

Check file modification time

Revert to backup

Change passwords

Patch the hole

Audit your site regularly

Use the same tools hackers employ to find loopholes on your site. But be careful: if the tools are not used properly, you can compromise the security of your own site.

Identify the access patterns of automated tools. sqlmap is a great free tool that you can use to learn the access patterns used by attackers.

Blacklist hosts that initiate attacks

Never connect to the database as a super admin user or the database owner

Check expected data type

Escape user supplied values

Do not print out any database specific information, especially about the schema

Do not show raw errors to the display
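The four database items above (connect with least privilege, check the expected data type, escape user-supplied values, and never show raw errors) are easiest to see side by side. The following is an added example written for this recap, not code from the session or its speakers. It uses Python's `sqlite3` with a constructed in-memory `users` table, shows the string-concatenated login query that makes a form injectable next to the parameterized version that lets the driver escape the values, validates a pagination parameter as an integer before it reaches the query, and returns a generic message to the user while the raw database error goes only to the server log.

```python
"""Vulnerable vs. hardened form handlers (added example with a constructed sqlite3 database)."""
import logging
import sqlite3


def make_db():
    """Build a throwaway in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pw")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The badly designed handler: form values are pasted straight into the SQL text,
    so a quote in either field changes the query structure."""
    sql = "SELECT id FROM users WHERE username = '%s' AND password = '%s'" % (username, password)
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterized query: the query structure is fixed and the driver escapes the
    user-supplied values, so they can only ever be compared as data."""
    row = conn.execute("SELECT id FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row is not None


def parse_page(raw):
    """Check the expected data type: a page parameter arrives from the query string as text
    and must be a non-negative integer before it goes anywhere near the database."""
    try:
        page = int(raw)
    except (TypeError, ValueError):
        raise ValueError("page must be an integer")
    if page < 0:
        raise ValueError("page must be non-negative")
    return page


def page_users(conn, raw_page, per_page=2):
    """Paginated listing; LIMIT/OFFSET are bound as parameters, never concatenated."""
    page = parse_page(raw_page)
    rows = conn.execute("SELECT username FROM users ORDER BY id LIMIT ? OFFSET ?",
                        (per_page, page * per_page)).fetchall()
    return [r[0] for r in rows]


def page_request(conn, raw_page):
    """Request handler that never sends raw errors (which would reveal table and column
    names) to the display: the exception text goes to the server log only."""
    try:
        return {"ok": True, "users": page_users(conn, raw_page)}
    except ValueError:
        return {"ok": False, "error": "Invalid page number"}
    except sqlite3.Error as exc:
        logging.error("database error: %s", exc)
        return {"ok": False, "error": "An internal error occurred"}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected password:", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("hardened,   injected password:", login_hardened(db, "nobody", "' OR '1'='1"))
    print("page 0:", page_request(db, "0"))
    print("bad page:", page_request(db, "1 OR 1=1"))
```

The vulnerable handler accepts the classic tautology in the password field because the `OR` becomes part of the query; the hardened one treats the same string as a password that simply does not match. Note that `parse_page` rejects the injected pagination value before any query is built, which is what "check expected data type" means in practice.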

Some of the tools you can use to protect yourself:

iptables – for Linux servers

Squid, Snort, Guardian – these tools help filter for SQL injection, block attacks from remote IPs, and speed up your site
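"Check your access logs", "identify the access patterns of automated tools" and "blacklist hosts that initiate attacks" together describe a small detection loop, and the following added example (written for this recap, not code from the session) shows it over a handful of constructed Apache combined-format log lines. The request path is URL-decoded and matched against a few injection signatures (UNION SELECT, `1=1`-style tautologies, a quote followed by a boolean operator, a trailing SQL comment), the user agent is checked for the `sqlmap` marker that the tool's default user agent carries, and for each flagged host the matching iptables rule is emitted as text for an administrator to review. The signature list and sample addresses are assumptions constructed for the example, and nothing in the block executes iptables.

```python
"""Access-log scan for SQL injection probes (added example over constructed log lines)."""
import re
from urllib.parse import unquote_plus

# Constructed sample traffic in Apache combined log format; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2011:13:55:36 +0000] "GET /products.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Nov/2011:13:55:40 +0000] "GET /products.php?id=12%27%20AND%201%3D1-- HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.9 - - [10/Nov/2011:13:55:41 +0000] "GET /products.php?id=12%27%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 231 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [10/Nov/2011:13:56:02 +0000] "GET /login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Nov/2011:13:57:10 +0000] "POST /login.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Nov/2011:13:57:11 +0000] "GET /products.php?id=1%20OR%201%3D1 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed signature set: a starting point, not a complete ruleset. Each is applied to the
# URL-decoded path, since probes are usually percent-encoded in the raw log.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("tautology", re.compile(r"\b(or|and)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I)),
    ("quote-boolean", re.compile(r"'\s*(or|and)\b", re.I)),
    ("trailing-comment", re.compile(r"--\s*$|/\*")),
]
# User-agent markers of automated tools; sqlmap's default user agent contains its name.
TOOL_UA_MARKERS = ("sqlmap",)


def parse_line(line):
    """Split one combined-format line into fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of reasons a parsed request looks like an injection probe."""
    reasons = []
    decoded = unquote_plus(entry["path"])
    for name, pattern in SQLI_PATTERNS:
        if pattern.search(decoded):
            reasons.append(name)
    ua = entry["ua"].lower()
    for marker in TOOL_UA_MARKERS:
        if marker in ua:
            reasons.append("tool-ua:" + marker)
    return reasons


def scan_log(log_text):
    """Aggregate per source host: total requests, suspicious requests and the reasons seen."""
    hosts = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        rec = hosts.setdefault(entry["ip"], {"requests": 0, "suspicious": 0, "reasons": set()})
        rec["requests"] += 1
        reasons = classify(entry)
        if reasons:
            rec["suspicious"] += 1
            rec["reasons"].update(reasons)
    return hosts


def flagged_hosts(log_text, threshold=1):
    """Hosts with at least `threshold` suspicious requests, most active first."""
    hosts = scan_log(log_text)
    flagged = [(ip, r["suspicious"]) for ip, r in hosts.items() if r["suspicious"] >= threshold]
    return sorted(flagged, key=lambda t: (-t[1], t[0]))


def iptables_rules(ips):
    """Render the blacklist rules as text for review; this function runs nothing."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in ips]


if __name__ == "__main__":
    for ip, count in flagged_hosts(SAMPLE_LOG):
        print(ip, count, sorted(scan_log(SAMPLE_LOG)[ip]["reasons"]))
    print("\n".join(iptables_rules([ip for ip, _ in flagged_hosts(SAMPLE_LOG)])))
```

Raising `threshold` above one is the usual way to keep a single odd-looking request from blacklisting a legitimate visitor; the per-host reason set is there so that whoever reviews the rule text can see why each host was flagged before the block goes in.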